A detailed summary of the RBAC Expansion project.
Overview
To support customers bringing their own auth providers, we needed to expand our RBAC functionality and bring it up to standard.
Objective
Support the SAML and OIDC auth standards from major providers such as Okta.
Identifying Feature Requirements
How should users manage access controls, roles, and teams through the front-end interface?
What defines and distinguishes roles from teams?
How can we restrict access to unauthorized pages based on user permissions?
What is the process for configuring permissions through the front end?
What should the system's initial permission state look like?
How can we keep the Helm-managed configuration synchronized with permission changes made through the front end?
Known Pitfalls
Ensuring permission and filter data is formatted correctly for backend compatibility.
Supporting users with varying levels of RBAC expertise.
Understanding how access control integration affects our navigation structure.
Creating a straightforward process for team permission setup based on specific claims and values.
Engineering Design
Creation and deletion of roles/teams and their implications for the app experience.
Having feature flagging in place so that RBAC changes are enforced by the application.
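The requirements and design points above (mapping provider claims and values to teams, an initial permission state, restricting pages by permission, and feature-flagged enforcement) are illustrated by the following added example. It is not the project's own code; the claim names, team rules, role definitions and page list are assumptions made up for the illustration, and the sample token payload is constructed.

```javascript
// Added example, not the project's code. Shows how claims from an identity
// provider (SAML attributes or OIDC token claims, e.g. an Okta "groups" claim)
// can be mapped to teams, teams to roles, and roles to page permissions, with
// a feature flag gating enforcement. All names below are assumptions.

// Constructed sample: a decoded OIDC ID token payload with a "groups" claim.
const SAMPLE_CLAIMS = {
  sub: "00u1abcd",
  email: "jane@example.com",
  groups: ["Everyone", "Platform-Admins"],
  department: "Security",
};

// Team rules: a team is granted when the named claim contains the value.
// Comparison is exact and case-sensitive so "admins" does not match "Admins".
const TEAM_RULES = [
  { team: "platform-admins", claim: "groups", value: "Platform-Admins" },
  { team: "security", claim: "department", value: "Security" },
  { team: "finance", claim: "department", value: "Finance" },
];

// Roles bundle page permissions; each team is assigned one or more roles.
const ROLES = {
  admin: ["dashboard:view", "settings:view", "settings:edit", "users:manage"],
  viewer: ["dashboard:view"],
};
const TEAM_ROLES = {
  "platform-admins": ["admin"],
  security: ["viewer"],
  finance: ["viewer"],
};

// Initial permission state: deny by default. A user whose claims match no
// team rule holds no permissions and can reach only pages marked public.
const DEFAULT_PERMISSIONS = Object.freeze([]);

// Pages and the permission each requires. `null` marks a public page.
// Paths absent from this map are denied (fail closed).
const PAGE_PERMISSIONS = {
  "/login": null,
  "/dashboard": "dashboard:view",
  "/settings": "settings:view",
  "/users": "users:manage",
};

// A claim value may arrive as a single string or as an array of strings.
function claimHas(claims, name, value) {
  const v = claims[name];
  if (Array.isArray(v)) return v.includes(value);
  return typeof v === "string" && v === value;
}

// Claims -> sorted list of team names (deduplicated).
function mapClaimsToTeams(claims, rules = TEAM_RULES) {
  const teams = new Set();
  for (const r of rules) {
    if (claimHas(claims, r.claim, r.value)) teams.add(r.team);
  }
  return [...teams].sort();
}

// Teams -> union of the permissions of every role those teams carry.
function resolvePermissions(teams, teamRoles = TEAM_ROLES, roles = ROLES) {
  const perms = new Set(DEFAULT_PERMISSIONS);
  for (const t of teams) {
    for (const role of teamRoles[t] ?? []) {
      for (const p of roles[role] ?? []) perms.add(p);
    }
  }
  return [...perms].sort();
}

// Page guard. When the enforcement flag is off the guard is permissive, so
// roles and teams can be configured before RBAC starts blocking anyone.
function canAccessPage(path, permissions, flags = { rbacEnforced: true }) {
  if (!flags.rbacEnforced) return true;
  if (!Object.prototype.hasOwnProperty.call(PAGE_PERMISSIONS, path)) return false;
  const required = PAGE_PERMISSIONS[path];
  if (required === null) return true;
  return permissions.includes(required);
}

// Convenience: derive everything the UI needs from one set of claims.
function authorize(claims, flags) {
  const teams = mapClaimsToTeams(claims);
  const permissions = resolvePermissions(teams);
  return {
    teams,
    permissions,
    canAccess: (path) => canAccessPage(path, permissions, flags),
  };
}

const session = authorize(SAMPLE_CLAIMS);
console.log(session.teams, session.permissions, session.canAccess("/users"));
```

Two design choices matter here: the page guard fails closed for paths it does not know about, so a newly added route cannot be reached until someone decides which permission it needs, and the feature flag short-circuits only the guard, not the claim mapping, so teams and permissions can be inspected in the UI before enforcement is switched on.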
Implementation
This project was a multi-release initiative that had many moving parts and components. It came together to function much like the video posted above. I've included a code block of one of the components I toiled over. It shows several React best practices and it provided a lot of value to our end users.
Measuring Success
Success was measured by whether the feature could block app-wide pages, limit API responses through properly constructed filters, and support providers across multiple auth standards. It was a key ask for the retention of customers such as Verizon, Fidelity and Nvidia.